Applying collaborative anti-spam techniques to anti-virus

Adam J. O'Donnell, Vipul Ved Prakash (Cloudmark Inc.)

One of the most effective techniques available for combating spam is the widespread application of collaborative filtering, where members of a community submit votes as to whether or not a piece of content is spam. The success of such a system is contingent upon the assumption that individual users can, with high accuracy, determine the difference between a piece of spam and a piece of legitimate mail. It is non-obvious that this assumption will also hold true for email-borne malware threats, whose sole indicator is often the presence of an attachment on a seemingly legitimate email.

In this paper we present data and analysis of our successes in applying a collaborative filter originally designed for anti-spam to the anti-virus problem. We discuss results from specific case studies, including the CME-24 outbreak of early 2006. We show that not only is a collaborative filter effective for filtering viruses, but the large number of participants also allows the filter to begin acting on a virus within minutes of its initial sighting, with an extremely low false positive rate.

